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Amendments to the Claims 

This listing of claims will replace all prior versions of claims in the Application. 

WHAT IS CLAIMED IS: 

1. (currently amended) A data processing apparatus for a vehicle, including: 

a first data processing unit (A) connected to device control units of the vehicle; 

a second data processing unit (B) connected to communications apparatus 
providing a wireless connection to an external network, such that operation requests can 
be received at the second data processing unit (B) from the extemal network; 

a data communications link between the first and second data processing units; 

and 

a gateway component for controlling communications across the data communications 
link, the gateway component limiting passing of the operation requests from the second data 
processing unit will b e pass e d to the vehicle's device control units to only a predefined set of 
permitted operations. 

2. (currently amended) A data processing apparatus according to claim 1, wherein the first data 
processing unit (A) is adapted to store in an unmodifiable form a list of said predefined set of 
permitted operations and includes a gateway component for comparing all operation requests 
received from the second data processing unit {B) with the list of permitted operations, and then 
to pass the permitted operation requests to respective ones of said device control units and 

to discard non-permitted operation requests. 

3. (currently amended) A data processing apparatus according to claim 2 wherein the first data 
processing unit {A) includes a static operating system environment and the gateway component 
of the first data processing unit (A) runs in the static operating system environment. 
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4. (currently amended) A data processing apparatus according to claim 1, wherein the second 
data processing unit {B} is adapted to store one or more access control lists defining which 
operation requests are permitted for particular requestors, and wherein the second data 
processing unit (B) includes a gateway component for comparing all operation requests for th e 
performanc e of op e rations on the first data processing unit (A} with the access control lists and 
only passing to the first data processing unit (A) those operation requests which are permitted for 
the respective requestors and discarding non-permitted operation requests. 

5. (currently amended) A data processing apparatus according to claim 1, wherein: 
the first data processing unit {A} includes a Real Time Operating System; and 

the second data processing unit (B) includes means for performing authentication of 
requestors and a gateway component for comparing all operation requests for th e p e rformanc e 
of op e rations sent to the first data processing unit (A) with access control lists and for passing to 
the first data processing unit (A) only those operation requests which are permitted for the 
respective requestors and discarding non-permitted operation requests, 

6. (original) A data processing apparatus, including: 

a first data processing unit connected to one or more security-critical resources; 
a second data processing unit connected to an extemal communications network 
such that operation requests can be received fi:'om the extemal network; and 

a data communications link between the first and second data processing units; 

and 

a gateway component for controlling communications across the link, the gateway 
component limiting the operations which can be performed at the first data processing 
unit in response to requests fi"om the second processing unit to only a predefined set of 
permitted operations. 

7. (original) A data processing apparatus according to claim 6, wherein the first and second 
data processing units and the link between them are implemented within a network-connected 
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home environment, and the security-critical resources include security-critical 

devices within the home which are managed by application programs running on the first 

data processing unit. 

8. (original) A data processing apparatus according to claim 6, wherein the external network is 
the hitemet. 

9. (original) A secure gateway computer program for a network-connected vehicle, 
comprising: 

a first gateway component for running on a first data processing unit connected to 
one or more device control units of the vehicle; and 

a second gateway component for running on a second data processing unit 
connected to communications apparatus for providing a wireless connection to an 
external network; 

wherein the first and second components of the secure gateway computer program 
are adapted to jointly control communications across a link between the first and second 
data processing units so as to limit the operations which can be performed at the first data 
processing unit in response to requests fi*om the second processing unit to only a 
predefined set of permitted operations. 

10. (original) A method for controlling the initiation of operations relating to secure resources 
on a first data processing unit such that only a limited predefined set of operations can be 
initiated by requests firom a second data processing unit connected to the first data 
processing unit by a communications link, the method comprising: 

storing a list of permitted operations which can be requested firom the second data 
processing unit; 

comparing, by a secure gateway component which controls communications 
across the communications link, requests to perform operations relating to secure 
resources on the first data processing unit with the list of permitted operations; and 
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only executing the permitted operations. 

1 1 . (original) A method according to claim 10, implemented within a vehicle which includes 
the first and second data processing units, wherein the secure resources include the 
vehicle's internal device control units. 
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